---
apiVersion: v1
kind: Secret
metadata:
  name: opensearch-roles-mapping
  namespace: es
type: Opaque
stringData:
  roles_mapping.yml: |
    ---
    # In this file users, backendroles and hosts can be mapped to Security roles.
    # Permissions for OpenSearch roles are configured in roles.yml

    _meta:
      type: "rolesmapping"
      config_version: 2

    # Define your roles mapping here

    ## Demo roles mapping

    all_access:
      reserved: false
      backend_roles:
      - "admin"
      description: "Maps admin to all_access"

    own_index:
      reserved: false
      users:
      - "*"
      description: "Allow full access to an index named like the username"

    logstash:
      reserved: false
      backend_roles:
      - "logstash"

    kibana_user:
      reserved: false
      backend_roles:
      - "kibanauser"
      description: "Maps kibanauser to kibana_user"

    readall:
      reserved: false
      backend_roles:
      - "readall"

    manage_snapshots:
      reserved: false
      backend_roles:
      - "snapshotrestore"

    kibana_server:
      reserved: true
      users:
      - "kibanaserver"